Prevent crash when ts_rewrite() replaces a non-top-level subtree with null.

When ts_rewrite()'s replacement argument is an empty tsquery, it's supposed
to simplify any operator nodes whose operand(s) become NULL; but it failed
to do that reliably, because dropvoidsubtree() only examined the top level
of the result tree.  Rather than make a second recursive pass, let's just
give the responsibility to dofindsubquery() to simplify while it's doing
the main replacement pass.  Per report from Andreas Seltenreich.

Artur Zakirov, with some cosmetic changes by me.  Back-patch to all
supported branches.

Discussion: https://postgr.es/m/[email protected]

diff --git a/src/backend/utils/adt/tsquery_rewrite.c b/src/backend/utils/adt/tsquery_rewrite.c
index 044055ad1a847a1ad285525e336826d1bbd0b6f6..1672450cc4d5e272778b4a0bfa20abd66baf67e3 100644 (file)
--- a/src/backend/utils/adt/tsquery_rewrite.c
+++ b/src/backend/utils/adt/tsquery_rewrite.c
@@ -140,6 +140,12 @@ findeq(QTNode *node, QTNode *ex, QTNode *subs, bool *isfind)
 
                node->nchild = j;
 
+               /*
+                * At this point we might have a node with zero or one child,
+                * which should be simplified.  But we leave it to our caller
+                * (dofindsubquery) to take care of that.
+                */
+
                /*
                 * Re-sort the node to put new child in the right place.  This
                 * is a bit bogus, because it won't matter for findsubquery's
@@ -186,6 +192,15 @@ findeq(QTNode *node, QTNode *ex, QTNode *subs, bool *isfind)
  * Recursive guts of findsubquery(): attempt to replace "ex" with "subs"
  * at the root node, and if we failed to do so, recursively match against
  * child nodes.
+ *
+ * Delete any void subtrees resulting from the replacement.
+ * In the following example '5' is replaced by empty operand:
+ *
+ *   AND       ->    6
+ *  /   \
+ * 5    OR
+ *     /  \
+ *    6    5
  */
 static QTNode *
 dofindsubquery(QTNode *root, QTNode *ex, QTNode *subs, bool *isfind)
@@ -196,45 +211,33 @@ dofindsubquery(QTNode *root, QTNode *ex, QTNode *subs, bool *isfind)
    /* also, since it's a bit expensive, let's check for query cancel. */
    CHECK_FOR_INTERRUPTS();
 
+   /* match at the node itself */
    root = findeq(root, ex, subs, isfind);
 
-   if (root && (root->flags & QTN_NOCHANGE) == 0 && root->valnode->type == QI_OPR)
-   {
-       int         i;
-
-       for (i = 0; i < root->nchild; i++)
-           root->child[i] = dofindsubquery(root->child[i], ex, subs, isfind);
-   }
-
-   return root;
-}
-
-/*
- * Delete any void subtrees that may have been inserted when the replacement
- * subtree is void.
- */
-static QTNode *
-dropvoidsubtree(QTNode *root)
-{
-   if (!root)
-       return NULL;
-
-   if (root->valnode->type == QI_OPR)
+   /* unless we matched here, consider matches at child nodes */
+   if (root && (root->flags & QTN_NOCHANGE) == 0 &&
+       root->valnode->type == QI_OPR)
    {
        int         i,
                    j = 0;
 
+       /*
+        * Any subtrees that are replaced by NULL must be dropped from the
+        * tree.
+        */
        for (i = 0; i < root->nchild; i++)
        {
-           if (root->child[i])
-           {
-               root->child[j] = root->child[i];
+           root->child[j] = dofindsubquery(root->child[i], ex, subs, isfind);
+           if (root->child[j])
                j++;
-           }
        }
 
        root->nchild = j;
 
+       /*
+        * If we have just zero or one remaining child node, simplify out this
+        * operator node.
+        */
        if (root->nchild == 0)
        {
            QTNFree(root);
@@ -267,9 +270,6 @@ findsubquery(QTNode *root, QTNode *ex, QTNode *subs, bool *isfind)
 
    root = dofindsubquery(root, ex, subs, &DidFind);
 
-   if (!subs && DidFind)
-       root = dropvoidsubtree(root);
-
    if (isfind)
        *isfind = DidFind;
 

diff --git a/src/test/regress/expected/tsearch.out b/src/test/regress/expected/tsearch.out
index 12af5a889712d55ea0fb94c6ff2389f902b7dcbb..59e2a06d0e6f94642a6a94f8bc3db2124b003663 100644 (file)
--- a/src/test/regress/expected/tsearch.out
+++ b/src/test/regress/expected/tsearch.out
@@ -908,6 +908,21 @@ SELECT ts_rewrite( 'bar & new & qq & foo & york', 'SELECT keyword, sample FROM t
  'citi' & 'foo' & ( 'bar' | 'qq' ) & ( 'nyc' | ( 'big' & 'appl' | 'new' & 'york' ) )
 (1 row)
 
+-- Check empty substitution
+SELECT ts_rewrite(to_tsquery('5 & (6 | 5)'), to_tsquery('5'), to_tsquery(''));
+NOTICE:  text-search query doesn't contain lexemes: ""
+ ts_rewrite 
+------------
+ '6'
+(1 row)
+
+SELECT ts_rewrite(to_tsquery('!5'), to_tsquery('5'), to_tsquery(''));
+NOTICE:  text-search query doesn't contain lexemes: ""
+ ts_rewrite 
+------------
+ 
+(1 row)
+
 SELECT keyword FROM test_tsquery WHERE keyword @> 'new';
     keyword     
 ----------------

diff --git a/src/test/regress/sql/tsearch.sql b/src/test/regress/sql/tsearch.sql
index a40bc307ba6d38d772743d3615913da8eb79397b..1ba2cdb3829b029be6a424eae5c156124a466dc1 100644 (file)
--- a/src/test/regress/sql/tsearch.sql
+++ b/src/test/regress/sql/tsearch.sql
@@ -322,6 +322,9 @@ SELECT ts_rewrite( 'moscow', 'SELECT keyword, sample FROM test_tsquery');
 SELECT ts_rewrite( 'moscow & hotel', 'SELECT keyword, sample FROM test_tsquery');
 SELECT ts_rewrite( 'bar & new & qq & foo & york', 'SELECT keyword, sample FROM test_tsquery');
 
+-- Check empty substitution
+SELECT ts_rewrite(to_tsquery('5 & (6 | 5)'), to_tsquery('5'), to_tsquery(''));
+SELECT ts_rewrite(to_tsquery('!5'), to_tsquery('5'), to_tsquery(''));
 
 SELECT keyword FROM test_tsquery WHERE keyword @> 'new';
 SELECT keyword FROM test_tsquery WHERE keyword @> 'moscow';